Top Bananas | Tag Archives: encryption

The Pointlessness of Backdoors in Encryption

Posted on August 13, 2018 by admin Posted in Software Leave a comment

What it is: Australia’s Parliament may pass a bill requiring backdoors in encryption.

The huge problem with politicians is that they make decisions without having a clear understanding of the issues. In Australia, the government is debating a bill requiring backdoors in encryption to allow the government to access encrypted information. The United States constantly mulls over similar bill periodically as well, under the guise that the government needs to access encrypted data to protect the public.

Encryption backdoors make no sense to anyone with even the faintest knowledge of how encryption works. Encryption backdoors will supposedly allow governments to access encrypted data, but such backdoors will also allow hackers to access encrypted data along with other governments, essentially making encryption useless.

Then there’s the question of whether a government can be trusted. Encryption can protect individuals fighting for freedom and democracy, yet totalitarian governments like North Korea, Russia, China, and others could then exploit encryption backdoors to spy on their own people. So any encryption backdoors will be open to anyone with enough technical knowledge to exploit them. That includes friendly and not-so friendly governments, and malicious hackers.

Any encryption that includes a backdoor will immediately not be used by anyone who wants to keep their data private, and that includes the majority of the world. The moment one form of encryption has a backdoor in it, people will simply choose other options. The US government actually sponsored an open source encryption standard called AES (Advanced Encryption Standard). This standard is open source to show there are no backdoors in it, so this is one of many trusted encryption algorithms that people would use.

Since the AES encryption standard is open source, it’s been in use all over the world. No single government, even the United States, can suddenly put a backdoor into this algorithm without other people not only knowing about it, but also knowing how to exploit it, rendering the encryption standard useless.

Encryption is either on or off. Backdoors never work because governments would never trust any encryption with a backdoor since their own communications could then be compromised. Then everyone would just use the encryption standard the governments use, which defeats the purpose of backdoors in the first place.

Backdoors in encryption sounds handy to protect against criminals or terrorists, but that assumes criminals and terrorists will use encryption that they know others can read. They won’t, which makes backdoors useless.

short-sighted, ignorant government politicians always clamor for encryption backdoors. Anyone with any technical knowledge can easily see that encryption backdoors won’t work, but then again, few government leaders ever bother to deal with facts in the first place.

Protecting Privacy

Posted on May 9, 2018 by admin Posted in Hardware, Software Leave a comment

What it is: The latest iOS beta includes a feature to defeat encryption-cracking devices like GrayKey.

When police want to view the contents of your iOS device, they have to crack the password (or use your fingerprint or face to unlock an iPhone). To crack a password, authorities often use a device called a GrayKey, which essentially cracks passwords through brute force. Brute force means the GrayKey devices tries every possible combination until it finds the right one. Sometimes this can take a small amount of time but usually this takes a longer amount of time, depending on the size and complexity of the password.

That means no matter how secure your password may be, a device like GrayKey can break it eventually. That’s why the latest iOS beta includes a feature that shuts down the Lightning port after seven days. This assumes that if you don’t unlock your iOS device after seven days, it’s probably in the hands of the authorities. Then this will stop a device like GrayKey from accessing the iOS device, essentially keeping the iOS device’s contents safely locked out of sight.

Naturally, this is a two-way sword. Terrorists and criminals can use an iOS device to hide their activities, which is why the FBI and other governments constantly want backdoors in iOS devices so they can access its contents at any time. What the FBI and other governments fail to realize is that if a backdoor is put into any device, then criminals and thieves can access that backdoor as well.

Imagine a bank built with secure walls, but with a secret backdoor that anyone can open if they know where to find it. That means authorities can go into that bank any time they want but if thieves find this backdoor, they can also go into the bank any time they want. Backdoors are worthless because they open any device up to hacking by criminals and thieves, not to mention dishonest and corrupt government officials who could exploit any such backdoor.

Apple will constantly find ways to improve the security of iOS devices and governments will constantly complain they need a backdoor to access devices, completely forgetting that if they have access to any such backdoor, so will criminals, hackers, and thieves.

Expect the next update to iOS to block access through the Lightning port after seven days of inactivity. Security is either one for everyone or off for everyone. There is no in between.

The FBI Still Doesn’t Understand Encryption

Posted on April 16, 2018 by admin Posted in Software Leave a comment

What it is: James Comey’s latest book explains how encryption drove the FBI crazy.

Fired FBI director, James Comes, recently wrote a book called “A Higher Loyalty” where he says that Apple and Google’s default encryption on their mobile devices drove the FBI crazy. One of the quotes from the book says:

I found it appalling that the tech types couldn’t see this. I would frequently joke with the FBI “Going Dark” team assigned to seek solutions, “Of course the Silicon Valley types don’t see the darkness–they live where it’s sunny all the time and everybody is rich and smart.”

The problem with the FBI’s view of encryption is that they want companies like Apple and Google to make encryption easy for the US government to crack. What that means is that such encryption would also make it easy for everyone else to crack, rendering the encryption useless.

So the question boils down to either having encryption on or off. There’s no in between. It’s impossible for encryption to be one for the good guys but easily crackable for the bad guys. That’s like saying math should only be used by good guys and banned from bad guys. For the government to constantly insist on encryption backdoors shoes a clear lack of understanding how encryption works. The government might as well try to van the law of gravity from bad guys as well.

Anyone who argues that encryption should only work for the government clearly does not understand encryption at all. To make such uneducated and inaccurate statements supporting encryption backdoors shows ignorance of the topic. If government officials won’t educate themselves on how encryption works, they’re doing the public a huge disservice by advocating for something that’s clearly impossible.

Any thinking person who takes time to understand encryption will come to the conclusion that encryption backdoors simply will not work. The moment someone advocates for encryption backdoors, that’s a clear signal that that person has no idea what they’re talking about and is broadcasting their blatant ignorance for everyone to see. The trouble is that many other people will also believe in such myths and fail to learn about the fundamentals of encryption.

A topic such as backdoor encryption should be easily dealt with through facts alone. Nobody is arguing against the law of gravity, yet government officials are arguing against a similar impossibility as encryption backdoors. The next time any government official tells you hat encryption backdoors are necessary, that’s a clear sign to question that person’s intelligence.

<br />

The Dilemma of Encryption

Posted on March 11, 2018 by admin Posted in Business, Software Leave a comment

What it is: The FBI recently arrested the CEO of a company selling secure Blackberry smartphones to gang members.

Encryption is a double-edged sword. If it’s secure, then people can use it for criminal activities. Id it’s weak, then ordinary people risk losing data to criminal hackers.

The government’s useless solution is to create encryption with a backdoor that only law enforcement can access. What governments fail to realize is that any backdoor open to law enforcement will also be open to hackers and hackers will find those backdoors eventually.

The US government once tried to get the world to use the Clipper encryption chip which had a backdoor that only the US government could access. So why would foreign countries want to use the Clipper chip if they knew the US government could easily read all of their messages? Would the US government use an encryption chip that the Russian or Chinese government could access easily? Of course not, which makes the Clipper chip and the idea of giving the US government sole backdoor access to encryption totally pointless, yet the US government keeps proposing this time and time again.

The truth is that encryption either works for everyone and nobody. If it works for everyone, then criminals will be able to hide their activities using encryption just as criminals can currently use pencils and paper for writing down notes. The US government won’t suggest banning pencils and paper from people, yet criminals can use them.

If encryption works for no one, then nobody’s information can be secure. Criminals will always find a way to break laws and use whatever technology is available, so banning technology from criminals simply bans technology for everyone, which the US government tried to do once by banning encryption algorithms.

What the US government must do is simply go after criminals. Period. Of course, who they decide are criminals depends on who they want to persecute at the moment. Yet encryption will never be accessible to just the “good guys.” Encryption either works or it doesn’t. There’s no in between, and that’s something the US government still can’t seem to get through their heads.

European Union Proposes Ban on Encryption Backdoors

Posted on June 19, 2017 by admin Posted in Software Leave a comment

What it is: The European Union proposed banning backdoors on encrypted devices to protect citizens’ privacy.

Encryption is nothing more than math. At one time, Hillary Clinton suggested the United States embark on a Manhattan style project (which created the atom bomb) to find a way to crack encryption. The idea was to deny terrorists the ability to use encryption to mask their communication, but that idea has two serious flaws.

First, cracking encryption is always possible, but not always easy. The moment people find a way to easily crack encryption, other people come up with a newer way to create stronger encryption. At one time, banks used an encryption standard called DES (Data Encryption Standard) that most people could never crack. As personal computers got more powerful, it became possible to crack DES encryption in hours using ordinary computers. That essentially made DES useless so that’s why the government created a new encryption standard called AES (Advanced Encryption Standard). AES will likely foil most people and even governments until sometime in the future when computers get even more powerful. Then AES will be as useless as DES is today.

Second, it’s not possible to crack encryption just for bad guys. If you can easily crack encrypted data used by terrorists, you can also easily crack encrypted data used by so-caleld good guys like governments and banks. There’s a reason terrorists and governments don’t use DES to encrypt their data ny more because almost anyone can crack it. Encryption either works for everyone or for no one. There’s no possible way to use encryption just for good guys.

Terrorists can use telephones and pencils to communicate, so it makes as much sense to ban telephones and pencils in case terrorists might try to use them. There’s always two ways at least to look at any problem. One view is to think of how to keep terrorists from using encryption. The other view is to think how to keep everyone’s data safe from prying eyes. It’s not possible to have one without the other.

If we keep data safe, then terrorists can hide data. If we make it impossible for terrorists to hide data, then nobody else will be able to hide data either. The delusion that we can encrypt the good guys’ data while banning encryption for terrorists is ludicrous and impossible.

Encryption is a mathematical problem. Terrorism is a social problem. You can never solve social problems with technology just as you can never solve technology problems with social solutions.

You can see the values of people by how they view problems. The European Union values privacy for its citizens so that’s why they’re proposing a ban on encryption backdoors. Far too many people on the other side value violating the rights of others just as long as they’re not affected by their own rules. Unfortunately, their own rules can be turned against them at a later data. If you ban encryption for terrorists, you also make it easy for criminals and terrorists to spy on everyone else’s data and you still need solve the problem of terrorism.

Encryption is neutral. It doesn’t care what data it’s hiding from others. That’s why Apple resisted the FBI’s early attempt to crack encryption on the iPhone. If Apple could easily crack the encryption on the iPhone to help the police, then Apple (or someone else using the same techniques) could easily crack encryption for anyone using an iPhone. Encryption either protects everyone or nobody. There’s no in between.

Encryption Backdoors

Posted on March 12, 2016 by admin Posted in Programming Leave a comment

What it is: Backdoors to encryption provide a way to read encrypted data without knowing the password.

California, Florida, New York, and other states are proposing laws mandating the availability of encryption backdoors. This essentially highlights the dangers of passing laws on topics without fully understanding the consequences.

To better understand the encryption debate, you need to understand how encryption works. Encryption scrambles data so it can’t be read by anyone unless they know the password. Theoretically, all encryption is breakable but the standard technique for cracking encryption is called brute force. That means you exhaustively try every possible password until you happen to find the right one.

With weak encryption, computers can exhaustively search all possible passwords and eventually find the right one within a reasonable amount of time within hours, days, or months. With strong encryption, computers can still exhaustively search all possible passwords, but it may take millions of years. That effectively makes encryption unbreakable.

One early form of encryption was called the Data Encryption Standard (DES), which thwarted brute force attacks for decades. Then as PCs got more powerful, it became possible to brute force DES encryption. The first attempt to brute force DES encryption took 96 days. The next took 39 days. In 1998, the Electronic Foundation Frontier (EFF) created a computer called Deep Crack that broke DES encryption in 56 hours. An improved version of Deep Crack took only 22 hours.

So any form of encryption will eventually be broken by more advanced computers. The problem right now is that today’s strong encryption standards, such as the Advanced Encryption Standard (AES) cannot be cracked within a reasonable amount of time. It can still be cracked, but it might take thousands of years at least to do so.

That’s why governments want encryption backdoors that allow them to read encrypted data without knowing the password. Here’s the big problem with backdoors of any kind. If they exist, someone will always find it and find a way to exploit it. That essentially eliminates the purpose of encryption, which is to safeguard data.

So the encryption debate really boils down to whether people should have access to encryption or not. Encryption backdoors can keep data safe from most people, but it also provides a wide open hole to knowledgeable people (both good and bad) who can then read your data without your permission.

Encryption backdoors can help the police and other government authorities, but it also opens the possibility of government abuse of their authority and malicious hackers who will eventually find this backdoor and exploit it for their own purposes. That means encryption will be weaker and less secure for everybody.

For those who want encryption backdoors, it will make the job of law enforcement easier but it will make everyone’s data less secure.

For those who oppose encryption backdoors, it will make the job of law enforcement harder but it will make everyone’s data more secure.

So the debate really boils down to how much we trust government authorities and how much security we’re willing to give up. For people who don’t trust the government, encryption backdoors make no sense. For people who do trust the government (despite years of evidence proving they cannot always be trusted), encryption backdoors are worth the price of less security.

Do you trust the government? Ask the people living under dictatorships such as North Korea how much they trust their government. Now ask people living in the United States, such as Muslims or blacks, how much they trust the government. Native Americans have long been cheated by treaties that the US government blatantly broke because the Native Americans had no political power.

If you trust the government, tell everyone why and dispute the evidence from the past that shows when government authorities overstepped their boundaries. Then let us know why we should trust the government in the future.